You can add Palo Alto Networks Panorama as a data source in vRealize Network Insight.

Prerequisites

You must ensure that:

In the Panorama UI, perform the following steps to add an admin role for XML API.
  1. Select Panorama > Admin Roles.
  2. Click Add to add a new admin role.
  3. In the The Admin Role Profile window, enter the name to the role and select Panorama.
  4. Click the Web UI tab and deactivate all entries.
  5. Click the XML API tab and deactivate all entries, except Configuration and Operational Requests.
  6. Click OK to close the window.

    The new admin role appears in the list.

  7. Click Commit.
  8. Assign this role to an administrator account or create a new user and assign this role to the new user.
Note: vRealize Network Insight does not currently fetch local Palo Alto Network policies that are directly defined in the devices.
Note: vRealize Network Insight does not support the Palo Alto Panorama integration with multiple NSX managers.

Procedure

  1. Go to Settings > Accounts and Data Sources.
  2. Click Add Source.
  3. Under Firewalls, click Palo Alto Networks Panorama.
  4. In the Add a New Palo Alto Networks Panorama Account or Source page, provide the required information.
    Option Action
    Collector VM Select a collector VM from the drop-down menu.
    IP Address/FQDN Enter the IP address or the FQDN details.
    Username Enter the user name.
    Password Enter the password.
  5. Click Validate.
  6. Define the polling interval for the configuration data collection. You can set the polling interval from 10 minutes to 7 days.
    • Preset - Select the interval time from the predefined time set.
    • Custom Interval - Set a value and select Minutes, Hours, and Days.
    • Fixed Schedule - Select the days and set the time to schedule the interval.
  7. (Optional) In the Nickname text box, enter a nickname.
  8. (Optional) In the Notes text box, add a note if necessary.
  9. Click Submit.